cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get the user info from a jsp

Former Member

on ‎05-09-2006 12:04 PM

0 Kudos

Hi all,

I have a jsp login page (FORM authentication) that when the user logon forward to home jsp page. Here I need to get the user info.

Now I'm using this, but it doesn't works:

String user = request.getUserPrincipal().getName();

session.setAttribute("idamUser",user);

if (request.isUserInRole( "xxxx" )) .........

Coul you please write me the right code to use and the library to import? Thanks a lot.

Vito

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎05-09-2006 1:17 PM
0 Kudos

Vito,

If you are using form based authentication, is your jsp's action defined as "j_security_check" and the text fields defined as "j_username" and "j_password" ?

Or may be I misunderstood your question?

Regards,

Kiran

Show replies
Show replies
Former Member
‎05-09-2006 1:48 PM
0 Kudos

In login.jsp:

<i><FORM action='<%= response.encodeURL("j_security_check") %>' name="FRM_LOG" method="post">

<tr class="contentTop"> ............</i>

In home.jsp:;

<i><%@ page import="javax.servlet.http.HttpServletRequest,amis.util.,amis.svc.user., amis.IDAMServer., java.io., amis.svc.cache.*" %>

<%! amis.svc.user.IAmisUser au;%>

<% au = amis.svc.user.AmisUser.getInstance(request,session);

%>

<html>

<head>

<%

String user = request.getUserPrincipal().getName();

session.setAttribute("idamUser",user);

if (request.isUserInRole( "xxxxx" )) { %>...</i>

I use a SAP FORM authentuication, the user/role is OK. I logon the login.jsp and then the browser go to http://milds2004:50100/HKN/jsp/j_security_check and this error:

<b> 404 Not Found

SAP J2EE Engine/7.00

The requested resource does not exist.

Details: Go to main page of this application!</b>

What is worng? Thanks a lot.

Vito

former_member185706
Participant
‎05-09-2006 2:20 PM
0 Kudos

Vito,

do you request directly login.jsp?

What is you security constraint in the web.xml?

Regards

Bojidar

Former Member
‎05-09-2006 2:28 PM
0 Kudos

Ho Bojidar,

I call directly login page. Here my web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
	<!-- servlet per lo struts menu -->
	<servlet>
		<servlet-name>action</servlet-name>
		<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
		<init-param>
			<param-name>config</param-name>
			<param-value>/WEB-INF/struts-config.xml</param-value>
		</init-param>
		<load-on-startup>2</load-on-startup>
	</servlet>
	<!-- Servlet per l'IDAM-->
	<servlet>
		<servlet-name>RPCServlet</servlet-name>
		<display-name>RPCServlet</display-name>
		<description>RPCServlet</description>
		<servlet-class>amis.svc.rpc.IDAMRPCServlet</servlet-class>
	</servlet>
	<servlet>
		<servlet-name>BlobServlet</servlet-name>
		<display-name>Blob Servlet</display-name>
		<servlet-class>amis.svc.http.IdamUploadServlet</servlet-class>
	</servlet>
	<!-- Servlet mapping per l'IDAM-->
	<servlet-mapping>
		<servlet-name>RPCServlet</servlet-name>
		<url-pattern>/RPCServlet</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>BlobServlet</servlet-name>
		<url-pattern>/BlobServlet</url-pattern>
	</servlet-mapping>
	<!-- Action Servlet Mapping -->
	<!-- Servlet per lo sruts menu-->
	<servlet-mapping>
		<servlet-name>action</servlet-name>
		<url-pattern>*.do</url-pattern>
	</servlet-mapping>
	<welcome-file-list>
		<welcome-file>/index.jsp</welcome-file>
	</welcome-file-list>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Protected Site</web-resource-name>
			<url-pattern>/index.jsp</url-pattern>
			<!-- If you list http methods,
            only those methods are protected -->
			<http-method>DELETE</http-method>
			<http-method>GET</http-method>
			<http-method> POST </http-method>
			<http-method> PUT </http-method>
		</web-resource-collection>
		<auth-constraint>
			<role-name>testrole</role-name>
		</auth-constraint>
	</security-constraint>
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>Roles Demonstration</realm-name>
		<form-login-config>
			<form-login-page>/jsp/login.jsp</form-login-page>
			<form-error-page>/jsp/noUser.jsp</form-error-page>
		</form-login-config>
	</login-config>
	<!-- Define security roles -->
	<security-role>
		<description>The Default Role</description>
		<role-name>tomcat</role-name>
	</security-role>
	<security-role>
		<description>A Second Role (to prove a comma-delimited list works)</description>
		<role-name>role1</role-name>
	</security-role>
	<security-role>
		<description>role for access to B.O.</description>
		<role-name>bo</role-name>
	</security-role>
	<security-role>
		<description>Role for non-access to B.O.</description>
		<role-name>nonbo</role-name>
	</security-role>
	<security-role>
		<description>Administration role</description>
		<role-name>administrator</role-name>
	</security-role>
	<security-role>
		<description>Reporting role</description>
		<role-name>reporting</role-name>
	</security-role>
	<security-role>
		<description>Uploading role</description>
		<role-name>uploading</role-name>
	</security-role>
	<security-role>
		<description>Agenzia role</description>
		<role-name>agenzia</role-name>
	</security-role>
	<security-role>
		<description>Sede role</description>
		<role-name>sede</role-name>
	</security-role>
	<security-role>
		<description>Area Manager role</description>
		<role-name>areamanager</role-name>
	</security-role>
	<security-role>
		<description>Venditore role</description>
		<role-name>venditore</role-name>
	</security-role>
	<security-role>
		<description>Amministratore del sistema</description>
		<role-name>admin</role-name>
	</security-role>
	<security-role>
		<description>Utente</description>
		<role-name>user</role-name>
	</security-role>
	<security-role>
		<description>Aggiunto da Vito</description>
		<role-name>Administrator</role-name>
	</security-role>
	<security-role>
		<role-name>testrole</role-name>
	</security-role>
</web-app>

Thanx,

Vito

former_member185706
Participant
‎05-09-2006 3:17 PM
0 Kudos

Vito,

the principle of FORM authentication is to protect the resources and when request them, if the user is not yet authenticated , it is redirected to the login.jsp. After the correct authtenticatin it is directed to the requested resource.

So it is normal to receive 404 response if you request directly login.jsp.

As i can see from contsraint below, you declare as protected only index jsp 

<url-pattern>/index.jsp</url-pattern>

And if you request it, you should see the login form for authentication.

Regards

Bojidar

former_member185706
Participant
‎05-09-2006 1:16 PM
0 Kudos

Hi Vito,

what is wrong there? isUser in role , returns false? is so , you may didn't configured properly security roles in the web.xml.

Regards

Bojidar

Show replies
Show replies
Ask a Question